IETF Logo Mail Archive

Re: [Ntp] WGLC: draft-ietf-ntp-interleaved-modes

Miroslav Lichvar <mlichvar@redhat.com> Tue, 05 March 2019 13:00 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE48713130C for <ntp@ietfa.amsl.com>; Tue, 5 Mar 2019 05:00:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O23aMouHPJ4y for <ntp@ietfa.amsl.com>; Tue, 5 Mar 2019 05:00:07 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BDE81312E9 for <ntp@ietf.org>; Tue, 5 Mar 2019 05:00:07 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3351F4ACDF; Tue, 5 Mar 2019 13:00:06 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 67852608C1; Tue, 5 Mar 2019 13:00:05 +0000 (UTC)
Date: Tue, 05 Mar 2019 14:00:03 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: ntp@ietf.org
Message-ID: <20190305130003.GJ21520@localhost>
References: <2C2DBD6F-727F-48DB-BB48-14CE7F7F8B95@isoc.org> <CAJm83bBWve8DiQksQhnVF1uhnaN0kD-1kuJTDw-hoByyH7kMoA@mail.gmail.com> <20190102122028.GE30177@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190102122028.GE30177@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 05 Mar 2019 13:00:06 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/POThnbdT1fSwygjqIvjdn-Jpw1s>
Subject: Re: [Ntp] WGLC: draft-ietf-ntp-interleaved-modes
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 13:00:17 -0000

I have some data with respect to the concern that existing clients may
be unintentionally sending requests in the interleaved mode and not
being able to process the responses. There was a discussion about this
on the last interim meeting, but some people who I think would be
interested and may had useful comments were not present, so I'm
repeating it here.

I have analyzed NTP traffic on three public servers from the
pool.ntp.org project, in three different countries (all included also
in the global zone). They were capturing the traffic for about two
weeks. In total it was about 3.5 billion requests. I've excluded my
own clients and testing tools using the interleaved mode from the
analysis.

About 20% of all requests had a non-zero origin timestamp.

About 0.0002% of all requests were in the interleaved mode (receive
timestamp different from transmit timestamp and origin timestamp equal
to one of the server's previous 50 million receive timestamps).

All clients that sent an interleaved request seemed to use the mode
consistently. There was not a single interleaved request generated by
chance.

There were two clients sending interleaved requests, but not able to
process an interleaved response, i.e. it was always followed by a
request using the origin timestamp from the last basic response. Both
clients were identified as the older NTPsec version which had an
incompletely removed implementation of the interleaved mode.

So, it doesn't look like there is a client that accidentally
implemented requests in the interleaved mode on its own, e.g. by not
strictly following the existing RFCs.

The question is what, if anything, should be done about clients that
have or will have an incomplete or buggy implementation of the
interleaved mode. That could happen at any time and it doesn't matter
how the protocol is designed, if it's using an extension field, or
not.

One option is to change the draft to require the servers to drop the
pair of receive and transmit timestamps once it has been used to
generate a response. That will force the protocol to fall back to the
basic mode when the client is not able to process the response. In the
worst case this would effectively cause a 50% packet loss, but the
client would still be able to synchronize to the basic responses.

The drawback is that the protocol will fall back to the basic mode
when the response is really lost, when the server could still have
responded with the same timestamp to the following request and the
client was able to process it.

Thoughts?

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email